https://bugzilla.suse.com/show_bug.cgi?id=1231186

Bug ID: 1231186
Summary: VUL-0: CVE-2024-47515: pagure: generate_archive() follows symbolic links in temporary clones
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.6
Hardware: Other
URL: https://smash.suse.de/issue/422443/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: dominik@wombacher.cc
Reporter: smash_bz@suse.de
QA Contact: security-team@suse.de
CC: camila.matos@suse.com
Target Milestone: ---
Found By: Security Response Team
Blocker: ---

Support of symbolic links during repository archiving of repositories allows the disclosure of local files. This results in the ability to craft valid administrator sessions and take over the Pagure instance.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-47515
https://bugzilla.redhat.com/show_bug.cgi?id=2315806

--
You are receiving this mail because:
You are on the CC list for the bug.
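A defensive check for the class of issue described in this report, as an added example that is not Pagure's code or its fix: before a checked-out tree is archived, reject any symbolic link that resolves outside the tree, and store the remaining links as link entries instead of copying their targets. The function names are hypothetical, and the example assumes a POSIX host and an archive built from an on-disk checkout.

```python
import io
import os
import tarfile
import tempfile


def escaping_symlinks(root):
    """Return tree-relative paths of symlinks whose target resolves outside root."""
    root_real = os.path.realpath(root)
    found = []
    # followlinks=False: never descend through a symlinked directory.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            # Compare whole path components, not string prefixes.
            if os.path.commonpath([root_real, target]) != root_real:
                found.append(os.path.relpath(path, root))
    return sorted(found)


def archive_tree(root):
    """Tar root into memory; refuse trees containing escaping symlinks."""
    bad = escaping_symlinks(root)
    if bad:
        raise ValueError("symlinks leave the tree: " + ", ".join(bad))
    buf = io.BytesIO()
    # dereference=False stores a link as a link entry, never as target bytes.
    with tarfile.open(fileobj=buf, mode="w", dereference=False) as tar:
        tar.add(root, arcname=".")
    return buf.getvalue()


def build_sample(link_target):
    """Constructed sample: a checkout holding one file and one symlink."""
    root = tempfile.mkdtemp(prefix="checkout-")
    with open(os.path.join(root, "README"), "w") as fh:
        fh.write("hello\n")
    os.symlink(link_target, os.path.join(root, "link"))
    return root
```

The check is only as good as the window between scan and archive: it should run on a private temporary clone that nothing else can modify while the archive is being written.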